From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-devel-bounces+larch=yhetil.org@gnu.org>
Received: from mp12.migadu.com ([2001:41d0:403:4789::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms8.migadu.com with LMTPS
	id cP+KKL2qNmUzqQAAauVa8A:P1
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Mon, 23 Oct 2023 19:17:49 +0200
Received: from aspmx1.migadu.com ([2001:41d0:403:4789::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp12.migadu.com with LMTPS
	id cP+KKL2qNmUzqQAAauVa8A
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Mon, 23 Oct 2023 19:17:49 +0200
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 3D50C6001E
	for <larch@yhetil.org>; Mon, 23 Oct 2023 19:17:49 +0200 (CEST)
Authentication-Results: aspmx1.migadu.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=N24+AHML;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1698081469; a=rsa-sha256; cv=none;
	b=FWlPnGsyNQhmdRU8ci32LoKlwd73LIUXM6cXcFuQsu5WBLkmiigGuOBpUujGiZyfZJ8MBL
	vkA+oW3VgEof10HKqhagt9kc/nKmlT2/fJuQhor4v53CyHAd14pe10Tfi409k5RWYHK2k2
	eNOLMa1rKzCPfCPX1g6trtag2sllrpyucUTc228GFoNGvKsOU6xqCnTJDOk+jPvI3vq774
	lCXmX87R5TSI4URUOavdnL/H7bRkGr+INEVBCazka5ffhqII26A3h5L+Pou7Mrud5t+m0c
	77j0Ii/gzmRpA7ko4G4aUsELcn5Yta/R28LKKY1FavyFr2x4VXnTyKeQYLJtiQ==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=N24+AHML;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1698081469;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:in-reply-to:in-reply-to:
	 references:references:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post:dkim-signature;
	bh=g0oJxVRpEpgnO009I934yQRLnMaC3982+dV8iqfky5c=;
	b=Zf17JGmXfCR7QouXargJzrV/FwZYSuQWxhiaKB9vSeMFKvMtGUMxXN9NmpYOw+SAdRGYKr
	P/2ObzNWWb7c49EH7nUzfNnIgphUgBAucSNlG9o0cRe8Hz9ZUsgEqnmHq1p2yUhvC1jOx0
	0jywBwoB10Y3+wiuAybRXvqpK/ZwGEiLfrOt2GlRTNUqNEhx8UivYadhK0zoygqMrAGdMb
	xqNAyC9YR9+e6xZriSbW7fUm78hTdpkPhwozO1sACgCP3KQcIbCi/kEuquzLoJFswEHpXB
	iOSjoa+C7zCaJmvIV5FtWPhaS5euBT0TUTcew9Am0OgzCFuzuS8PStm1WyZnQg==
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-devel-bounces@gnu.org>)
	id 1quyYG-0001hF-EQ; Mon, 23 Oct 2023 13:17:16 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <n.debonnaire@gmail.com>)
 id 1quyYE-0001gy-Gl
 for guix-devel@gnu.org; Mon, 23 Oct 2023 13:17:14 -0400
Received: from mail-lj1-x234.google.com ([2a00:1450:4864:20::234])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <n.debonnaire@gmail.com>)
 id 1quyYC-0005x5-Lz
 for guix-devel@gnu.org; Mon, 23 Oct 2023 13:17:14 -0400
Received: by mail-lj1-x234.google.com with SMTP id
 38308e7fff4ca-2c50cf61f6dso53920351fa.2
 for <guix-devel@gnu.org>; Mon, 23 Oct 2023 10:17:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1698081431; x=1698686231; darn=gnu.org;
 h=cc:to:subject:message-id:date:from:in-reply-to:references
 :mime-version:from:to:cc:subject:date:message-id:reply-to;
 bh=g0oJxVRpEpgnO009I934yQRLnMaC3982+dV8iqfky5c=;
 b=N24+AHMLYUCB3J9Se9zKlERmGclkntbwxk5L/7nL/CU3esqJPFgmvNzUVmxUqufPZ5
 33jO4XsObhusRUqf9ofAGE/lNvYHESiRd7Ll2wUtXO+dI9+OkJuACbfHAG6TzT1YP+mX
 IHPWwidlRPmSHI8HgYt1EaSxXJFqL9KLoz2hmPlmbdPu94FbiyHzooAuuCx2Q30k8t22
 2Xm1tGBKCuBBPpEHdvQpSMOWHR5Ggkmb3hnNcJ/zoMKWxqQmqhDceWrvW93Lry0vlUMR
 hb668MFpa4WvJI+B13XBlKLo/P364H8dtAbZ067voAUkKdcxnTKNWJZQN9zznzppVBZx
 YTVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1698081431; x=1698686231;
 h=cc:to:subject:message-id:date:from:in-reply-to:references
 :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=g0oJxVRpEpgnO009I934yQRLnMaC3982+dV8iqfky5c=;
 b=LhlTEVdNk++VA11qCRdUSE5FaO75BmMNi+W8wldk7gRlGy8JBljNYtxDd8UxJMnR28
 3sIAksh6SX+zjS+GqCPiVLd7CKgnTPHvCI9ahYFJejrhRufFsxOSbZgzrE+FNXhTWnap
 eJQ/GMZbq3i9uAku3KOX0fW2SGUmKhyqKxZAHbPs8UVbsKkWzaditl0NBSownjTzKyZs
 Ts/5sfuhLCB6hC9585UTO+yMJQBiKTVQUxFnnbzFkTdwcMqZ/YnHdH/SRPDe6ayIaP4F
 TAr4cm94Yk0OuLeWitdX5EmqK+YEwIYZqXE7AMxIApQWWXUSBJ0I9UUSn0vYWWxvOrs4
 W6Pg==
X-Gm-Message-State: AOJu0YwpO8lCHaWco/MUmp69/9pgNrT5J60lrDI+H2TtKNjxt9mUWFDL
 SttHcTI73tNQCcyM62WhqJHpLsPB9gj61iPzVRk9TuN1BIM=
X-Google-Smtp-Source: AGHT+IGz4oGPQhEEEwI1Qvl4V6zIc8WYQhuar12JNY/2UXljCLzpwGP31nk853RB2R/+e6RP1Ri7V/AemHG96p8CT2o=
X-Received: by 2002:a05:651c:1541:b0:2c5:2fa8:716a with SMTP id
 y1-20020a05651c154100b002c52fa8716amr10213870ljp.9.1698081430608; Mon, 23 Oct
 2023 10:17:10 -0700 (PDT)
MIME-Version: 1.0
References: <CANOKM3d_O=9iPYc6yJ91XKKGKi4+Ei01Di4=tcv7G6_DaH3WNw@mail.gmail.com>
 <87ledikx1u.fsf@gmail.com> <ZPoMOownmyo2ADhc@ws> <86v8clajxs.fsf@gmail.com>
In-Reply-To: <86v8clajxs.fsf@gmail.com>
From: =?UTF-8?Q?Nicolas_D=C3=A9bonnaire?= <n.debonnaire@gmail.com>
Date: Mon, 23 Oct 2023 19:16:59 +0200
Message-ID: <CANOKM3f1+-3WC0G9Ri497rLE+4CZKySnr4mtj+akXNtLAP7y7Q@mail.gmail.com>
Subject: Re: Building from git
To: Simon Tournier <zimon.toutoune@gmail.com>
Cc: wolf <wolf@wolfsden.cz>, guix-devel@gnu.org
Content-Type: multipart/alternative; boundary="00000000000078a00006086564ac"
Received-SPF: pass client-ip=2a00:1450:4864:20::234;
 envelope-from=n.debonnaire@gmail.com; helo=mail-lj1-x234.google.com
X-Spam_score_int: -10
X-Spam_score: -1.1
X-Spam_bar: -
X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-BeenThere: guix-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org
Sender: guix-devel-bounces+larch=yhetil.org@gnu.org
X-Migadu-Country: US
X-Migadu-Flow: FLOW_IN
X-Migadu-Scanner: mx1.migadu.com
X-Migadu-Spam-Score: -9.26
X-Spam-Score: -9.26
X-Migadu-Queue-Id: 3D50C6001E
X-TUID: RpgFMRBi+yAW

--00000000000078a00006086564ac
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi,
Looks like it's working.
I was able to complete the "building from git" section of the documentation
after an update of guix.
Thanks everyone.

Le sam. 9 sept. 2023 =C3=A0 11:01, Simon Tournier <zimon.toutoune@gmail.com=
> a
=C3=A9crit :

> Hi,
>
> On Thu, 07 Sep 2023 at 19:45, wolf <wolf@wolfsden.cz> wrote:
>
> >> The Makefile does not run =E2=80=98guix git authenticate=E2=80=99 usin=
g ./pre-inst-env.
> >> And that=E2=80=99s probably to ensure the source of trust.  If one cor=
rupt the
> >> commit that is built, then =E2=80=99make authenticate=E2=80=99 would a=
uthenticate the
> >> corruption because it would run the corrupted newly built guix command=
.
> >> Currently, =E2=80=99make authenticate=E2=80=99 run one guix command th=
at had already
> >> been authenticated.  Well, that=E2=80=99s my understanding.
> >
> > Hmm, but the recipe for the authenticate rule comes from the (possibly)
> > compromised source, no?  So the attacker can just modify the recipe
> instead of
> > the command going the authentication.  Am I missing something?
>
> Yes, the corruption of Makefile.am can be the corruption I was talking
> about.
>
> Well, for more explanations one can maybe read:
>
>         [bug#57909] bug#57910: [PATCH] Add link to 'pre-inst-env' from
> 'installing from git' docs
>         Ludovic Court=C3=A8s <ludo@gnu.org>
>         Sat, 24 Sep 2022 17:58:29 +0200
>         id:87k05s7oii.fsf_-_@gnu.org
>         https://issues.guix.gnu.org//57910
>         https://issues.guix.gnu.org/msgid/87k05s7oii.fsf_-_@gnu.org
>         https://yhetil.org/guix/87k05s7oii.fsf_-_@gnu.org
>
>         [bug#57909] bug#57910: [PATCH] Add link to 'pre-inst-env' from
> 'installing from git' docs
>         Maxime Devos <maximedevos@telenet.be>
>         Sat, 24 Sep 2022 18:23:10 +0200
>         id:ec49e6c2-a542-7d95-0d73-10b2816c59d2@telenet.be
>         https://issues.guix.gnu.org//57910
>
> https://issues.guix.gnu.org/msgid/ec49e6c2-a542-7d95-0d73-10b2816c59d2@te=
lenet.be
>
> https://yhetil.org/guix/ec49e6c2-a542-7d95-0d73-10b2816c59d2@telenet.be
>
> Cheers,
> simon
>

--00000000000078a00006086564ac
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div><div>Hi,<br></div>Looks like it&#39;s working.<br></d=
iv><div>I was able to complete the &quot;building from git&quot; section of=
 the documentation after an update of guix.</div><div>Thanks everyone.<br><=
/div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_a=
ttr">Le=C2=A0sam. 9 sept. 2023 =C3=A0=C2=A011:01, Simon Tournier &lt;<a hre=
f=3D"mailto:zimon.toutoune@gmail.com">zimon.toutoune@gmail.com</a>&gt; a =
=C3=A9crit=C2=A0:<br></div><blockquote class=3D"gmail_quote" style=3D"margi=
n:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex=
">Hi,<br>
<br>
On Thu, 07 Sep 2023 at 19:45, wolf &lt;<a href=3D"mailto:wolf@wolfsden.cz" =
target=3D"_blank">wolf@wolfsden.cz</a>&gt; wrote:<br>
<br>
&gt;&gt; The Makefile does not run =E2=80=98guix git authenticate=E2=80=99 =
using ./pre-inst-env.<br>
&gt;&gt; And that=E2=80=99s probably to ensure the source of trust.=C2=A0 I=
f one corrupt the<br>
&gt;&gt; commit that is built, then =E2=80=99make authenticate=E2=80=99 wou=
ld authenticate the<br>
&gt;&gt; corruption because it would run the corrupted newly built guix com=
mand.<br>
&gt;&gt; Currently, =E2=80=99make authenticate=E2=80=99 run one guix comman=
d that had already<br>
&gt;&gt; been authenticated.=C2=A0 Well, that=E2=80=99s my understanding.<b=
r>
&gt;<br>
&gt; Hmm, but the recipe for the authenticate rule comes from the (possibly=
)<br>
&gt; compromised source, no?=C2=A0 So the attacker can just modify the reci=
pe instead of<br>
&gt; the command going the authentication.=C2=A0 Am I missing something?<br=
>
<br>
Yes, the corruption of Makefile.am can be the corruption I was talking abou=
t.<br>
<br>
Well, for more explanations one can maybe read:<br>
<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 [bug#57909] bug#57910: [PATCH] Add link to &#39=
;pre-inst-env&#39; from &#39;installing from git&#39; docs<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Ludovic Court=C3=A8s &lt;<a href=3D"mailto:ludo=
@gnu.org" target=3D"_blank">ludo@gnu.org</a>&gt;<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Sat, 24 Sep 2022 17:58:29 +0200<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 <a href=3D"mailto:id%3A87k05s7oii.fsf_-_@gnu.or=
g" target=3D"_blank">id:87k05s7oii.fsf_-_@gnu.org</a><br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 <a href=3D"https://issues.guix.gnu.org//57910" =
rel=3D"noreferrer" target=3D"_blank">https://issues.guix.gnu.org//57910</a>=
<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 <a href=3D"https://issues.guix.gnu.org/msgid/87=
k05s7oii.fsf_-_@gnu.org" rel=3D"noreferrer" target=3D"_blank">https://issue=
s.guix.gnu.org/msgid/87k05s7oii.fsf_-_@gnu.org</a><br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 <a href=3D"https://yhetil.org/guix/87k05s7oii.f=
sf_-_@gnu.org" rel=3D"noreferrer" target=3D"_blank">https://yhetil.org/guix=
/87k05s7oii.fsf_-_@gnu.org</a><br>
<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 [bug#57909] bug#57910: [PATCH] Add link to &#39=
;pre-inst-env&#39; from &#39;installing from git&#39; docs<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Maxime Devos &lt;<a href=3D"mailto:maximedevos@=
telenet.be" target=3D"_blank">maximedevos@telenet.be</a>&gt;<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Sat, 24 Sep 2022 18:23:10 +0200<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 <a href=3D"mailto:id%3Aec49e6c2-a542-7d95-0d73-=
10b2816c59d2@telenet.be" target=3D"_blank">id:ec49e6c2-a542-7d95-0d73-10b28=
16c59d2@telenet.be</a><br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 <a href=3D"https://issues.guix.gnu.org//57910" =
rel=3D"noreferrer" target=3D"_blank">https://issues.guix.gnu.org//57910</a>=
<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 <a href=3D"https://issues.guix.gnu.org/msgid/ec=
49e6c2-a542-7d95-0d73-10b2816c59d2@telenet.be" rel=3D"noreferrer" target=3D=
"_blank">https://issues.guix.gnu.org/msgid/ec49e6c2-a542-7d95-0d73-10b2816c=
59d2@telenet.be</a><br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 <a href=3D"https://yhetil.org/guix/ec49e6c2-a54=
2-7d95-0d73-10b2816c59d2@telenet.be" rel=3D"noreferrer" target=3D"_blank">h=
ttps://yhetil.org/guix/ec49e6c2-a542-7d95-0d73-10b2816c59d2@telenet.be</a><=
br>
<br>
Cheers,<br>
simon<br>
</blockquote></div>

--00000000000078a00006086564ac--